php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25713 endless self call loop
Submitted: 2003-10-01 09:53 UTC Modified: 2003-10-01 19:34 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: kevin at netflex dot nl Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 4.3.3 OS: Windows/Netware and maybe more
Private report: No CVE-ID: None
 [2003-10-01 09:53 UTC] kevin at netflex dot nl
Description:
------------
if you create an function that calls himself with an pass by ref. variable then as a result PHP crashes.

tested with:
* PHP 5.0.0b2-dev (snapshot: php5-win32-200309251030.zip) on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.3.3 on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.2.3 on Netware (Apache2 2.0.47 and Netware 6.5)

In the web browser appears the page: "can't find server"
and in the log files there is no information about the error/crash

Reproduce code:
---------------
crash($test = 0);

function crash(&$test) {
	if ($test < 10)
		crash($test);
	$test++;
}

Expected result:
----------------
the variable test with an value of (int)10

Actual result:
--------------
with PHP4 on Windows only php crashes and with PHP5 on Windows and PHP4 on Netware both php and apache2 crashes.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-01 10:08 UTC] kevin at netflex dot nl
The problem isn't with the call by ref. but with the following situation:

if you have an function that calls himself endless then PHP crashes.

See the firt post for more information.
 [2003-10-01 10:33 UTC] sniper@php.net
1. You didn't search the bug database first
2. This is expected.
3. We won't "fix" it.

 [2003-10-01 11:14 UTC] kevin at netflex dot nl
1. we did
2. buffer overflow?? is this normal for you??
3. i don't agree, i could crash any php hosting if i want.

;-)
 [2003-10-01 11:36 UTC] moriyoshi@php.net
function crash(&$test) {
	if ($test < 10)
		crash($test);
	$test++;
}

There's no chance $test is incremented. So no matter how the variable is passed to the function, it will definitely go into an infinite loop and end up eating up all the stack area which really causes segmentation fault.


 [2003-10-01 11:49 UTC] kevin at netflex dot nl
i know, (mistake from me ;-).

But now the problem is that i can crash the server if i want by making an endless loop (with calls).
 [2003-10-01 13:23 UTC] moriyoshi@php.net
You should first try hard to crash it with that tiny script.
If it really was to go wrong, then reopen this bug to let us know what did actually happen on your server :)

 [2003-10-01 13:34 UTC] moriyoshi@php.net
Anyway, that's expected behaviour as stated in other bug reports.
 [2003-10-01 16:54 UTC] kevin at netflex dot nl
script to crash the server:

crash();

function crash() {
  crash();
}


tested with:
* PHP 5.0.0b2-dev (snapshot: php5-win32-200309251030.zip) on Windows
(Apache2 2.0.47 and Windows 2003)
* PHP 4.3.3 on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.2.3 on Netware (Apache2 2.0.47 and Netware 6.5)
 [2003-10-01 19:34 UTC] sniper@php.net
We know this, now leave this closed.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 23:01:26 2024 UTC